Most recents (2)

The #ContiLeaks contained some messages consisting of IP:Username:pass combinations for #Conti infrastructure.
This allows us to connect certain #Trickbot activcity with the #Conti group:

1/x

The IP's in the image are the following:
117.252.69[.]134
117.252.68[.]15
116.206.153[.]212
103.78.13[.]150
103.47.170[.]131
103.47.170[.]130
118.91.190[.]42
117.197.41[.]36
117.222.63[.]77
117.252.69[.]210

2/x

Using @MaltegoHQ together with OTX/Alienvault and
@virustotal integration, we are able to connect several of these IP's to #Trickbot activity:

3/x

Read 8 tweets

3xp0rt

@3xp0rtblog

@James_inthe_box

#Malware #Stealer #FickerStealer

New interesting MaaS Ficker Stealer is written on Rust with using Assembly language.

SUC549.exe:
virustotal.com/gui/file/dc021…
app.any.run/tasks/04c558fa…

Special thanks to @James_inthe_box, @ThreatHive.

https://twitter.com/James_inthe_box/status/1318571872343052288?s=20

Build programming language: Rust + ASM
Panel programming language: Rust + React

Price: 90$ (1 week), 200$ (1 month), 500$ (3 month), 900$ (6 month).

Functional:
- Recursive stealing passwords, credit cards, forms from Chromium-Based, Mozilla (40+ browser).

- Stealing sessions cryptocurrency wallets
- Stealing from Windows Credentials Manager
- Stealing sessions from Pidgin, Steam, Discord, ThunderBird, etc (optional)
- Stealing FTP clients (FileZilla, WinScp)
- Stealing system information
- Taking screenshot
- Universal grabber

Read 7 tweets

Discover and read the best of Twitter Threads about #stealer

Most recents (2)

Related hashtags

Discover and read the best of Twitter Threads about #stealer

Most recents (2)

Related hashtags

Did Thread Reader help you today?